Presentation is loading. Please wait.

Presentation is loading. Please wait.

January 6, 2003 A Gathering of Networks. Network Security Issues & Developments.

Published byClarissa Andrews Modified over 8 years ago

Similar presentations

Presentation on theme: "January 6, 2003 A Gathering of Networks. Network Security Issues & Developments."— Presentation transcript:

1 January 6, 2003 A Gathering of Networks

2 Network Security Issues & Developments

3 1.56k/cable/DSL/satellite/802.11b 2. Networking security? 3. Security focus? 4. Robert Morris? 5. Defcon 1 – 10? 6. 2600 7. Computer Security Quiz

4 1971 Capt. Crunch

5 Threat Development 2000 Sophistication of Attacker Tools Required Knowledge of Attackers 19901980 Low High Password Guessing Self-replicating Code Disabling Audits Password Guessing Backdoors Sniffers Packet Spoofing Tools with GUI Highjack Sessions Exploiting Known Vulnerabilities

6 Wire Tap Central Kevin Poulsen, Aka “Dark Dante” Pacific Telephone & KIS Radio - 1991

7 Statistics 2001 Computer Security Incidents/ Vulnerabilities Doubled 52,658 incidents 2,437 vulnerabilities (CERT) 2002 82,094 incidents 4,129 vulnerabilities

8 Bank Robbery via Modem Vladimir Levin Citibank, 1994 $10 million stolen 36 months prison restitution

9 Statistics 2001 12% of Online Corporate Databases Breached 27% were banking and financial services databases 18% were medical/healthcare & telecommunications (Evans Data Corp)

10 SQL Slammer 24 January, 2003 Bank of America ATMs Infected 250,000 servers Seattle Emergency Call Center Continental Airlines online ticketing system Microsoft

11 Almost sparked a war Ehud Tenebaum, aka The Analyzer, Solar Sunrise, 1998

12 Statistics August 2002 AT&T Business Continuity Survey 1 in 4 companies have NO business continuity plan 19% of companies with plans – untested (Digital Research)

13 April 2002 - Princeton, NJ Stephen LeMenager, Associate Dean & Director of Adminisions, Princeton University Victims: 8 students, Yale University, Princeton University Just doing his job??? (an aside)

14 GOALS & Targets 1. Secret info: government, business 2. Control: Infrastructure 3. Proprietary information 4. Financial information 5. Personal information 6. Cover, bandwidth: anyone

15 Anatomy of an Attack 1. reconnaissance 2. the attack

16 1. online - web site 2. trash dumpster 3. telephone call(s) 4. walk in 5. steal a laptop 6. compromise a home computer 7. online - probes 8. online - telnet Reconnaissance

17 Various Attacks 1. guessed or stolen password 2. Trojan Horse access 3. Buffer Overflow 4. MANY other software attacks

18 122.48.32.97 163.50.82.5 30.21.176.51 23.56.11.37 245.229.62.67 233.198.15.84 Looping For Cover

19 Air Force NIPRNET Attack December 25 and 26, 2001

20 opponents 1. recreational hackers 2. disgruntled insiders 3. hacktivists 4. lone criminals 5. organized crime 6. terrorist organizations 7. intelligence services 8. information warfare units

21 diagnosis 1. big problem, but incomplete understanding 2. potential for great danger is significant

22 prescription 1. security standards promoted a. VOLUNTARILY b. regulation AND/OR c. civil litigation, insurance 2. information sharing a. vulnerabilities, threats b. attacks

23 NIPC promotes best practices Best practices computer policy stand alone boxes to Internet onsite & telecommuting Network banner Awareness checklist – employee signs every six months Network security position - patches Virus protection software Firewall Intrusion detection software Disaster Recovery Plan - redundancy

24 ISO 17799 Security Policy Security Organization Asset classification and control Personnel Security Physical and environmental security Communications and operations management Access Control Systems Development and maintenance Business Continuity Management Compliance (HIPAA) (Gramm-Leach-Bliley)

25

26 www.nipc.gov Publications: Cybernotes (Bugs, Holes, Patches) Highlights Password Protection 101 Seven Simple Computer Security Tips A Guide to Using E-mail Correspondence

27

28 72 chapters – 56 FBI offices 1000 + companies 7000 + members Information Sharing Through InfraGard

29

30

31

32 Web Sites www.fbi.gov www.nipc.gov www.infragard.net

33 SA Tom Liffiton FBI Phoenix E-mail: tliffiton@fbi.gov infragard-px@leo.gov Telephone: (602) 279-5511 x3105 Questions?

Download ppt "January 6, 2003 A Gathering of Networks. Network Security Issues & Developments."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT -

IT Security Assurance Management of Network and User Behavior Budi Rahardjo INDOCISC - ID-CERT -
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager.

IT Security “Knowing the potential threat to YOU and your business” Ian McLachlan IT Manager.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Ch.5 It Security, Crime, Compliance, and Continuity

Ch.5 It Security, Crime, Compliance, and Continuity
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
22 November 2010. Security and Privacy  Security: the protection of data, networks and computing power  Privacy: complying with a person's desires when.

22 November Security and Privacy  Security: the protection of data, networks and computing power  Privacy: complying with a person's desires when.
CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Project 2 – due today before midnight Tuesday Class Quiz 1 – Access Basics Questions/Comments.
CHAPTER 4 Information Security. Announcements Friday Class Quiz 1 Review Monday Class Quiz 1 – Access Basics Questions/Comments.

CHAPTER 4 Information Security. Announcements Friday Class Quiz 1 Review Monday Class Quiz 1 – Access Basics Questions/Comments.
10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.

10.1 © 2006 by Prentice Hall 10 Chapter Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.

Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Similar presentations

Ads by Google